OSV:DSA-1999-1

xulrunner - several vulnerabilities

Published: 2010-02-18 00:00:00
Source: Google (osv.dev)

CVSS2: 10 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.363 Low
  Percentile: 96.6%

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

  • CVE-2009-1571
    Alin Rad Pop discovered that incorrect memory handling in the
    HTML parser could lead to the execution of arbitrary code.
  • CVE-2009-3988
    Hidetake Jo discovered that the same-origin policy can be
    bypassed through window.dialogArguments.
  • CVE-2010-0159
    Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn
    Wargers and Paul Nickerson reported crashes in the layout engine,
    which might allow the execution of arbitrary code.
  • CVE-2010-0160
    Orlando Barrera II discovered that incorrect memory handling in the
    implementation of the web worker API could lead to the execution
    of arbitrary code.
  • CVE-2010-0162
    Georgi Guninski discovered that the same-origin policy can be
    bypassed through specially crafted SVG documents.

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.18-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.1.8-1.

We recommend that you upgrade your xulrunner packages.
